x/vulndb: potential Go vuln in github.com/hashicorp/vagrant: GHSA-47xw-vw6m-w9fq

[GoVulnBot]

In GitHub Security Advisory GHSA-47xw-vw6m-w9fq, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/hashicorp/vagrant	2.4.0	< 2.4.0

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/hashicorp/vagrant
      versions:
        - fixed: 2.4.0
      packages:
        - package: github.com/hashicorp/vagrant
summary: |-
    HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point
    vulnerability
cves:
    - CVE-2023-5834
ghsas:
    - GHSA-47xw-vw6m-w9fq
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-5834
    - web: https://discuss.hashicorp.com/t/hcsec-2023-31-vagrant-s-windows-installer-allowed-directory-junction-write/59568
    - advisory: https://github.com/advisories/GHSA-47xw-vw6m-w9fq

[gopherbot]

Change https://go.dev/cl/539339 mentions this issue: data/excluded: batch add 7 excluded reports